CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2013-1797 – kernel: kvm: after free issue with the handling of MSR_KVM_SYSTEM_TIME
https://notcve.org/view.php?id=CVE-2013-1797
22 Mar 2013 — Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. Vulnerabilidad después de liberación en arch/x86/kvm/x86.c en el kernel de Linux hasta v3.8.4 permite a los clientes usuarios del... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0b79459b482e85cb7426aa7da683a9f2c97aeae1 • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-2634 – kernel: Information leak in the Data Center Bridging (DCB) component
https://notcve.org/view.php?id=CVE-2013-2634
22 Mar 2013 — net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. net/dcb/dcbnl.c en el kernel de Linux anterior a v3.8.4 no inicializa determinadas estructuras, lo que permite a atacantes locales obtener información sensible desde la pila del kernel mediante una aplicación especialmente diseñada. Security fixes: It was found that the kernel-rt update RHBA-2012:0044 introduced ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=29cd8ae0e1a39e239a3a7b67da1986add1199fc0 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-2635 – kernel: Information leak in the RTNETLINK component
https://notcve.org/view.php?id=CVE-2013-2635
22 Mar 2013 — The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. La función rtnl_fill_ifinfo en net/core/rtnetlink.c en el kernel de Linux anterior a v3.8.4 no inicializa un cierto miembro de la estructura, lo que permite a atacantes locales obtener información sensible desde la memoria del kernel mediante una aplicación especialme... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=84d73cd3fb142bf1298a8c13fd4ca50fd2432372 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2013-1860 – kernel: usb: cdc-wdm buffer overflow triggered by device
https://notcve.org/view.php?id=CVE-2013-1860
22 Mar 2013 — Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device. Desbordamiento de búfer basado en memoria dinámica en la función drivers/usb/class/cdc-wdm.c en el kernel de Linux anterior a v3.8.4 permite a atacantes físicamente próximos causar una denegación de servicio (caída del sistema) o posiblem... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c0f5ecee4e741667b2493c742b60b6218d40b3aa • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 4CVE-2013-1828 – Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2013-1828
22 Mar 2013 — The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call. La función sctp_getsockopt_assoc_stats en el kernel de Linux anterior a v3.8.4 no valida el tamaño antes de proceder a una operación de copy_from_user, permitiendo a usuarios locales conseguir privilegios ... • https://www.exploit-db.com/exploits/24747 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 1CVE-2013-1798 – kernel: kvm: out-of-bounds access in ioapic indirect register reads
https://notcve.org/view.php?id=CVE-2013-1798
22 Mar 2013 — The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. La función ioapic_read_indirect virt/kvm/ioapic.c en el kernel de Linux hasta v3.8.4 no controla correctamente una determinada combinación de IOAPIC_REG_SELECT in... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a2c118bfab8bc6b8bb213abfc35201e441693d55 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2013-0913 – Kernel: drm/i915: heap writing overflow
https://notcve.org/view.php?id=CVE-2013-0913
18 Mar 2013 — Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition. Desbordamiento de entero en drivers/gpu/drm/i915/i91... • http://git.chromium.org/gitweb/?p=chromiumos/third_party/kernel.git%3Ba=commit%3Bh=c79efdf2b7f68f985922a8272d64269ecd490477 • CWE-189: Numeric Errors •
CVSS: 7.1EPSS: 0%CPEs: 217EXPL: 0CVE-2013-2547 – kernel: crypto: info leaks in report API
https://notcve.org/view.php?id=CVE-2013-2547
14 Mar 2013 — The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. La función crypto_report_one en crypto / crypto_user.c en el API de informe en el API de configuración de cifrado de usuario en el kernel de Linux a través de v3.8.2 no inicializa la estructura de... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 • CWE-310: Cryptographic Issues •
CVSS: 7.1EPSS: 0%CPEs: 217EXPL: 0CVE-2013-2546 – kernel: crypto: info leaks in report API
https://notcve.org/view.php?id=CVE-2013-2546
14 Mar 2013 — The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability. El API de informe en el API de configuración de cifrado del usuario en el kernel Linux v3.8.2 utiliza una función incorrecta de biblioteca C para copiar las cadenas, lo que permite a usuarios locales obtener información sensible de la memoria... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 217EXPL: 0CVE-2013-2548 – kernel: crypto: info leaks in report API
https://notcve.org/view.php?id=CVE-2013-2548
14 Mar 2013 — The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. La función crypto_report_one en crypto / crypto_user.c en el API de informe del API de configuración de cifrado de usuario en el kernel de Linux a través de v3.8.2 utiliza un valor de longitud... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 • CWE-310: Cryptographic Issues •